Privacy policy

EXE Group Oy
Updated: 18.7.2024

1. The controller

EXE Group Oy (2660063-7)
Luolakalliontie 14, 21420 LIETO
E-mail address: sami.hakanpaa@exegroup.fi
(hereinafter "we" or "EXE Group Oy")

2. Contact person for register matters

Sami Hakanpää
sami.hakanpaa@exegroup.fi
+358 50 464 7582

3. Name of the register

EXE Group Oy's Privacy Policy

4. What is the purpose and legal basis for the processing of personal data?

The purpose of processing personal data is to:

  • delivering and developing our products and services; for example, personalising and further developing a website based on browsing data to improve the customer experience or managing access to different parts of the website and downloadable materials.
  • fulfil our contractual and other promises and obligations;
  • managing our relationship with our customers;
  • organising events;
  • analysing and profiling the behaviour of a customer or other data subject;
  • direct marketing and/or electronic direct marketing; and
  • targeting of advertising on our own and other online services.

The information that is stored in the register (data subject) consists of EXE Group Oy's customers, website visitors, and persons who have otherwise provided us with their data.

We use automated decision-making (including profiling) to identify personal profiles, online behaviour, age and consumption habits. We use this information, for example, to target our marketing and develop our services.

The processing of personal data is based on our legitimate interest based on the customer relationship and/or other material connection, the performance of a contract and/or consent.

5. What information do we process?

We process the following personal data in connection with the customer register:

  • basic data of the data subject, such as first name, surname*, date of birth;
  • the contact details of the data subject, such as e-mail address, telephone number, address;
  • data on the data subject's use of the website, such as website visits, products and services in which the data subject is interested;
  • information about the company and its contact persons, such as the business ID and the names, titles and contact details of the (registered) contact persons;
  • any direct marketing prohibitions and consents;
  • information on the participants of events and any event-related information;
  • customer and contract information, such as information on past and current contracts and orders, the user profile created on the basis of the customer relationship, call records, correspondence and other contacts with the customer/registered person, cookies and information related to their use;
  • any other information collected separately with the consent of the data subject that is necessary for the customer relationship, such as information that the data subject has filled in on the forms on the website, such as name, e-mail address, company-identifying information or other specific and relevant additional information.

The provision of personal data marked with an asterisk is a prerequisite for the establishment of our contractual and/or customer relationship. Without the necessary personal data, we cannot provide the product and/or service.

6. Where do we get the information?

We obtain information primarily from the following sources: from you, the civil registry, public authorities, credit reference agencies, contact information providers and other similar trusted sources.

In addition, personal data may also be collected and updated for the purposes described in this Privacy Policy from publicly available sources and from information obtained from public authorities or other third parties within the limits of applicable law. Such updating is carried out manually or by automated means.

7. To whom do we disclose and transfer data and do we transfer data outside the EU or EEA?

We do not disclose the information in the register to third parties.

We use subcontractors working for us to process personal data. We have outsourced the IT management and direct marketing service to an external service provider, on a server managed and protected by them.

We transfer personal data outside the EU or EEA. Where personal data is processed outside the EU or EEA, we will ensure that the subcontractor is bound by the EU Commission's Model Clauses on the processing of personal data and/or is covered by the Privacy Shield.

8. How do we protect the data and how long do we keep it?

Only those of our employees who are entitled to process customer data as part of their job are entitled to use the system containing personal data. Each user has his/her own user name and password for the system. The data is collected in databases protected by firewalls, passwords and other technical means.

We regularly assess the necessity of data retention in the light of applicable law. In addition, we will take reasonable steps to ensure that no personal data relating to data subjects that are incompatible with the purposes of the processing, outdated or inaccurate are kept in the register. We will correct or destroy such data without undue delay.

9. What are your rights as a registered user?

You have the right to inspect the personal data stored about you and to request the rectification or erasure of any inaccurate, outdated, unnecessary or unlawful data. If you have access to your data yourself, you can edit your data yourself. To the extent that the processing is based on consent, you also have the right to withdraw or modify your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing that took place before the withdrawal of consent.

You have the right to object to or request restriction of the processing of your data and to lodge a complaint about the processing of your personal data with a supervisory authority.

For specific personal reasons, you also have the right to object to processing operations concerning you where there is a legitimate interest. When making your request, you should identify the specific situation on the basis of which you object to the processing. We can only refuse to comply with a request to object on the grounds provided for by law.

10. Who can you contact?

All communications and requests concerning this report should be made in writing or in person to the contact person designated in section two (2).